Is there a size limit for SAML Assertions?

Article ID: 24147

Products

CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On

Issue/Introduction

Question:

In order to reduce the risk of bad SAML Assertions arriving at the Policy Server, I would like to know how the size of the Assertion is verified at the Assertion Consumer in the Web Agent Option Pack? What is the default size limit and where can we change it?

Environment

Release: ETRSBB99000-12.52-SiteMinder-B to B
Resolution

Answer:

The Assertion Consumer in the Web Agent Option Pack never verifies the size of an Assertion. Moreover, there is no default size limit, for the simple reason that the size of the assertion/response may vary. Consider a scenario where the Identity Provider wants to add more attributes, or wants to make some other change, such as encrypting the response with a different algorithm or using a digital signature. An upper limit would then discard such a valid assertion as well, which is never recommended.
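
To see how far the size moves with attribute count and signing, the following added example (not from this article or from the product) profiles a base64 SAMLResponse as it arrives in the POST binding. The function names, the skeletal constructed responses and the placeholder signature and certificate lengths are assumptions made for illustration.

```python
import base64
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
DS = "http://www.w3.org/2000/09/xmldsig#"

def build_response(attr_count, signed=False):
    """Constructed sample: a skeletal, non-schema-valid SAML 2.0 Response."""
    attrs = "".join(
        f'<saml:Attribute Name="attr{i}"><saml:AttributeValue>value-{i}'
        f'</saml:AttributeValue></saml:Attribute>' for i in range(attr_count))
    # Placeholder characters standing in for a signature value and a certificate.
    sig = (f'<ds:Signature xmlns:ds="{DS}"><ds:SignatureValue>{"A" * 344}'
           f'</ds:SignatureValue><ds:X509Certificate>{"B" * 1600}'
           f'</ds:X509Certificate></ds:Signature>') if signed else ""
    xml = (f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}">'
           f'<saml:Assertion>{sig}<saml:AttributeStatement>{attrs}'
           f'</saml:AttributeStatement></saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

def profile(saml_response_b64):
    """Report the size and the features that drive it, for baselining or logging."""
    raw = base64.b64decode(saml_response_b64, validate=True)
    # SAML messages never need a DTD; refuse one before parsing (assumes UTF-8 input).
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTD not allowed in SAML messages")
    root = ET.fromstring(raw)
    return {
        "post_field_bytes": len(saml_response_b64),  # size of the form field
        "xml_bytes": len(raw),                       # size after base64 decoding
        "attributes": len(root.findall(f".//{{{SAML}}}Attribute")),
        "signed": root.find(f".//{{{DS}}}Signature") is not None,
        "encrypted": root.find(f".//{{{SAML}}}EncryptedAssertion") is not None,
    }

if __name__ == "__main__":
    for count, signed in [(3, False), (3, True), (40, True)]:
        print(count, signed, profile(build_response(count, signed)))
```

Run over responses captured from your own federation partners, the same profile gives a per-partner size baseline that can be logged and watched without rejecting valid assertions.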